CVE-2020-0131

Name of the Vulnerable Software and Affected Versions Android versions Android-10

Description In the parseChunk function of MPEG4Extractor.cpp, there is a possible out of bounds write due to incompletely initialized data. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

Recommendations For Android version Android-10, update to a version that includes the fix for the issue in MPEG4Extractor.cpp. As a temporary workaround, consider restricting user interaction with potentially malicious media files until a patch is available.